With this week being Fraud Awareness Week, here are my five top tips to remember when handling digital evidence:

  1. Do NOT turn on the device;
  2. If a computer is on, if possible, forensically capture any live volatile data and then turn it off directly at the power switch. Do not use the shutdown command. If a server is on, power it down. Likewise, for mobile devices, if passcodes etc have been successfully obtained, remove the battery, if possible or do a full shutdown;
  3. Freeze the scene and ensure that the computer/device and any digital media is securely stored so that it can be forensically captured;
  4. Try and identify the user, other potential media and any other relevant information;
  5. Call in an expert.